ReactOS  0.4.14-dev-77-gd9e7c48
auth_gss.c File Reference
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <rpc/types.h>
#include <rpc/xdr.h>
#include <rpc/auth.h>
#include <rpc/auth_gss.h>
#include <rpc/clnt.h>
#include <netinet/in.h>
#include <gssapi/gssapi.h>
Include dependency graph for auth_gss.c:

Go to the source code of this file.

Classes

struct  gss_union_ctx_id_t
 
struct  rpc_gss_data
 

Macros

#define AUTH_PRIVATE(auth)   ((struct rpc_gss_data *)auth->ah_private)
 

Typedefs

typedef struct gss_union_ctx_id_t gss_union_ctx_id_desc
 
typedef struct gss_union_ctx_id_tgss_union_ctx_id_t
 

Functions

static void authgss_nextverf ()
 
static bool_t authgss_marshal ()
 
static bool_t authgss_refresh ()
 
static bool_t authgss_validate ()
 
static void authgss_destroy ()
 
static void authgss_destroy_context ()
 
static bool_t authgss_wrap ()
 
static bool_t authgss_unwrap ()
 
AUTHauthgss_create (CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
 
AUTHauthgss_create_default (CLIENT *clnt, char *service, struct rpc_gss_sec *sec)
 
bool_t authgss_get_private_data (AUTH *auth, struct authgss_private_data *pd)
 
static void authgss_nextverf (AUTH *auth)
 
static bool_t authgss_marshal (AUTH *auth, XDR *xdrs)
 
static bool_t authgss_validate (AUTH *auth, struct opaque_auth *verf)
 
static bool_t authgss_refresh (AUTH *auth)
 
bool_t authgss_service (AUTH *auth, int svc)
 
static void authgss_destroy_context (AUTH *auth)
 
static void authgss_destroy (AUTH *auth)
 
bool_t authgss_wrap (AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
 
bool_t authgss_unwrap (AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
 

Variables

static struct auth_ops authgss_ops
 
static struct timeval AUTH_TIMEOUT = { 25, 0 }
 

Macro Definition Documentation

◆ AUTH_PRIVATE

#define AUTH_PRIVATE (   auth)    ((struct rpc_gss_data *)auth->ah_private)

Definition at line 143 of file auth_gss.c.

Typedef Documentation

◆ gss_union_ctx_id_desc

◆ gss_union_ctx_id_t

Function Documentation

◆ authgss_create()

AUTH* authgss_create ( CLIENT clnt,
gss_name_t  name,
struct rpc_gss_sec sec 
)

Definition at line 148 of file auth_gss.c.

149 {
150  AUTH *auth, *save_auth;
151  struct rpc_gss_data *gd;
152  OM_uint32 min_stat = 0;
153 
154  log_debug("in authgss_create()");
155 
156  memset(&rpc_createerr, 0, sizeof(rpc_createerr));
157 
158  if ((auth = calloc(sizeof(*auth), 1)) == NULL) {
160  rpc_createerr.cf_error.re_errno = ENOMEM;
161  return (NULL);
162  }
163  if ((gd = calloc(sizeof(*gd), 1)) == NULL) {
165  rpc_createerr.cf_error.re_errno = ENOMEM;
166  free(auth);
167  return (NULL);
168  }
169 #ifdef DEBUG
170  fprintf(stderr, "authgss_create: name is %p\n", name);
171 #endif
172  if (name != GSS_C_NO_NAME) {
173  if (gss_duplicate_name(&min_stat, name, &gd->name)
174  != GSS_S_COMPLETE) {
176  rpc_createerr.cf_error.re_errno = ENOMEM;
177  free(auth);
178  return (NULL);
179  }
180  }
181  else
182  gd->name = name;
183 
184 #ifdef DEBUG
185  fprintf(stderr, "authgss_create: gd->name is %p\n", gd->name);
186 #endif
187  gd->clnt = clnt;
188  gd->ctx = GSS_C_NO_CONTEXT;
189  gd->sec = *sec;
190 
191  gd->gc.gc_v = RPCSEC_GSS_VERSION;
192  gd->gc.gc_proc = RPCSEC_GSS_INIT;
193  gd->gc.gc_svc = gd->sec.svc;
194 
195  auth->ah_ops = &authgss_ops;
196  auth->ah_private = (caddr_t)gd;
197 
198  save_auth = clnt->cl_auth;
199  clnt->cl_auth = auth;
200 
201  if (!authgss_refresh(auth))
202  auth = NULL;
203 
204  clnt->cl_auth = save_auth;
205 
206  return (auth);
207 }
#define free
Definition: debug_ros.c:5
#define RPCSEC_GSS_VERSION
Definition: auth_gss.h:80
Definition: auth.h:205
struct rpc_gss_sec sec
Definition: auth_gss.c:137
Definition: arc.h:48
_Check_return_opt_ _CRTIMP int __cdecl fprintf(_Inout_ FILE *_File, _In_z_ _Printf_format_string_ const char *_Format,...)
static struct auth_ops authgss_ops
Definition: auth_gss.c:71
CLIENT * clnt
Definition: auth_gss.c:135
smooth NULL
Definition: ftsmooth.c:416
void * ah_private
Definition: auth.h:225
struct rpc_gss_cred gc
Definition: auth_gss.c:139
AUTH * cl_auth
Definition: clnt.h:122
void log_debug(const char *fmt,...)
Definition: auth_sspi.c:977
enum clnt_stat cf_stat
Definition: clnt.h:496
gss_ctx_id_t ctx
Definition: auth_gss.c:138
static bool_t authgss_refresh()
#define caddr_t
Definition: ftp.c:24
struct __auth::auth_ops * ah_ops
struct rpc_err cf_error
Definition: clnt.h:497
Definition: name.c:36
#define calloc
Definition: rosglue.h:14
FILE * stderr
#define memset(x, y, z)
Definition: compat.h:39
gss_name_t name
Definition: auth_gss.c:136
GLuint const GLchar * name
Definition: glext.h:6031

Referenced by authgss_create_default().

◆ authgss_create_default()

AUTH* authgss_create_default ( CLIENT clnt,
char service,
struct rpc_gss_sec sec 
)

Definition at line 210 of file auth_gss.c.

211 {
212  AUTH *auth;
213  OM_uint32 maj_stat = 0, min_stat = 0;
214  gss_buffer_desc sname;
215  gss_name_t name = GSS_C_NO_NAME;
216 
217  log_debug("in authgss_create_default()");
218 
219 
220  sname.value = service;
221  sname.length = strlen(service);
222 
223  maj_stat = gss_import_name(&min_stat, &sname,
224  (gss_OID)GSS_C_NT_HOSTBASED_SERVICE,
225  &name);
226 
227  if (maj_stat != GSS_S_COMPLETE) {
228  log_status("gss_import_name", maj_stat, min_stat);
230  return (NULL);
231  }
232 
233  auth = authgss_create(clnt, name, sec);
234 
235  if (name != GSS_C_NO_NAME) {
236 #ifdef DEBUG
237  fprintf(stderr, "authgss_create_default: freeing name %p\n", name);
238 #endif
239  gss_release_name(&min_stat, &name);
240  }
241 
242  return (auth);
243 }
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
Definition: auth.h:205
struct rpc_gss_sec sec
Definition: auth_gss.c:137
void log_status(char *m, OM_uint32 maj_stat, OM_uint32 min_stat)
Definition: authgss_prot.c:345
_Check_return_opt_ _CRTIMP int __cdecl fprintf(_Inout_ FILE *_File, _In_z_ _Printf_format_string_ const char *_Format,...)
CLIENT * clnt
Definition: auth_gss.c:135
smooth NULL
Definition: ftsmooth.c:416
void log_debug(const char *fmt,...)
Definition: auth_sspi.c:977
enum clnt_stat cf_stat
Definition: clnt.h:496
AUTH * authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
Definition: auth_gss.c:148
Definition: name.c:36
FILE * stderr

◆ authgss_destroy() [1/2]

static void authgss_destroy ( )
static

Referenced by authgss_refresh().

◆ authgss_destroy() [2/2]

static void authgss_destroy ( AUTH auth)
static

Definition at line 580 of file auth_gss.c.

581 {
582  struct rpc_gss_data *gd;
583  OM_uint32 min_stat;
584 
585  log_debug("in authgss_destroy()");
586 
587  gd = AUTH_PRIVATE(auth);
588 
590 
591 #ifdef DEBUG
592  fprintf(stderr, "authgss_destroy: freeing name %p\n", gd->name);
593 #endif
594  if (gd->name != GSS_C_NO_NAME)
595  gss_release_name(&min_stat, &gd->name);
596 
597  free(gd);
598  free(auth);
599 }
static void authgss_destroy_context()
#define free
Definition: debug_ros.c:5
_Check_return_opt_ _CRTIMP int __cdecl fprintf(_Inout_ FILE *_File, _In_z_ _Printf_format_string_ const char *_Format,...)
void log_debug(const char *fmt,...)
Definition: auth_sspi.c:977
#define AUTH_PRIVATE(auth)
Definition: auth_gss.c:143
FILE * stderr
gss_name_t name
Definition: auth_gss.c:136

◆ authgss_destroy_context() [1/2]

static void authgss_destroy_context ( )
static

◆ authgss_destroy_context() [2/2]

static void authgss_destroy_context ( AUTH auth)
static

Definition at line 547 of file auth_gss.c.

548 {
549  struct rpc_gss_data *gd;
550  OM_uint32 min_stat;
551 
552  log_debug("in authgss_destroy_context()");
553 
554  gd = AUTH_PRIVATE(auth);
555 
556  if (gd->gc.gc_ctx.length != 0) {
557  if (gd->established) {
558  gd->gc.gc_proc = RPCSEC_GSS_DESTROY;
561  }
562  gss_release_buffer(&min_stat, &gd->gc.gc_ctx);
563  /* XXX ANDROS check size of context - should be 8 */
564  memset(&gd->gc.gc_ctx, 0, sizeof(gd->gc.gc_ctx));
565  }
566  if (gd->ctx != GSS_C_NO_CONTEXT) {
567  gss_delete_sec_context(&min_stat, &gd->ctx, NULL);
568  gd->ctx = GSS_C_NO_CONTEXT;
569  }
570 
571  /* free saved wire verifier (if any) */
572  mem_free(gd->gc_wire_verf.value, gd->gc_wire_verf.length);
573  gd->gc_wire_verf.value = NULL;
574  gd->gc_wire_verf.length = 0;
575 
576  gd->established = FALSE;
577 }
static struct timeval AUTH_TIMEOUT
Definition: auth_gss.c:145
bool_t established
Definition: auth_gss.c:132
bool_t(* xdrproc_t)(XDR *,...)
Definition: xdr.h:144
gss_buffer_desc gc_wire_verf
Definition: auth_gss.c:133
CLIENT * clnt
Definition: auth_gss.c:135
smooth NULL
Definition: ftsmooth.c:416
struct rpc_gss_cred gc
Definition: auth_gss.c:139
#define NULLPROC
Definition: clnt.h:294
void log_debug(const char *fmt,...)
Definition: auth_sspi.c:977
#define AUTH_PRIVATE(auth)
Definition: auth_gss.c:143
gss_ctx_id_t ctx
Definition: auth_gss.c:138
bool_t xdr_void(void)
Definition: xdr.c:92
#define clnt_call(rh, proc, xargs, argsp, xres, resp, secs)
Definition: clnt.h:202
#define mem_free(ptr, bsize)
Definition: types.h:124
#define memset(x, y, z)
Definition: compat.h:39

◆ authgss_get_private_data()

bool_t authgss_get_private_data ( AUTH auth,
struct authgss_private_data pd 
)

Definition at line 246 of file auth_gss.c.

247 {
248  struct rpc_gss_data *gd;
249 
250  log_debug("in authgss_get_private_data()");
251 
252  if (!auth || !pd)
253  return (FALSE);
254 
255  gd = AUTH_PRIVATE(auth);
256 
257  if (!gd || !gd->established)
258  return (FALSE);
259 
260  pd->pd_ctx = gd->ctx;
261  pd->pd_ctx_hndl = gd->gc.gc_ctx;
262  pd->pd_seq_win = gd->win;
263 
264  return (TRUE);
265 }
#define TRUE
Definition: types.h:120
gss_buffer_desc pd_ctx_hndl
Definition: auth_gss.h:94
bool_t established
Definition: auth_gss.c:132
struct rpc_gss_cred gc
Definition: auth_gss.c:139
void log_debug(const char *fmt,...)
Definition: auth_sspi.c:977
#define AUTH_PRIVATE(auth)
Definition: auth_gss.c:143
gss_ctx_id_t ctx
Definition: auth_gss.c:138
u_int win
Definition: auth_gss.c:140
gss_ctx_id_t pd_ctx
Definition: auth_gss.h:93

◆ authgss_marshal() [1/2]

static bool_t authgss_marshal ( )
static

◆ authgss_marshal() [2/2]

static bool_t authgss_marshal ( AUTH auth,
XDR xdrs 
)
static

Definition at line 275 of file auth_gss.c.

276 {
277  XDR tmpxdrs;
278  char tmp[MAX_AUTH_BYTES];
279  struct rpc_gss_data *gd;
280  gss_buffer_desc rpcbuf, checksum;
281  OM_uint32 maj_stat, min_stat;
282  bool_t xdr_stat;
283 
284  log_debug("in authgss_marshal()");
285 
286  gd = AUTH_PRIVATE(auth);
287 
288  if (gd->established)
289  gd->gc.gc_seq++;
290 
291  xdrmem_create(&tmpxdrs, tmp, sizeof(tmp), XDR_ENCODE);
292 
293  if (!xdr_rpc_gss_cred(&tmpxdrs, &gd->gc)) {
294  XDR_DESTROY(&tmpxdrs);
295  return (FALSE);
296  }
297  auth->ah_cred.oa_flavor = RPCSEC_GSS;
298  auth->ah_cred.oa_base = tmp;
299  auth->ah_cred.oa_length = XDR_GETPOS(&tmpxdrs);
300 
301  XDR_DESTROY(&tmpxdrs);
302 
303  if (!xdr_opaque_auth(xdrs, &auth->ah_cred))
304  return (FALSE);
305 
306  if (gd->gc.gc_proc == RPCSEC_GSS_INIT ||
307  gd->gc.gc_proc == RPCSEC_GSS_CONTINUE_INIT) {
308  return (xdr_opaque_auth(xdrs, &_null_auth));
309  }
310  /* Checksum serialized RPC header, up to and including credential. */
311  rpcbuf.length = XDR_GETPOS(xdrs);
312  XDR_SETPOS(xdrs, 0);
313  rpcbuf.value = XDR_INLINE(xdrs, rpcbuf.length);
314 
315  maj_stat = gss_get_mic(&min_stat, gd->ctx, gd->sec.qop,
316  &rpcbuf, &checksum);
317 
318  if (maj_stat != GSS_S_COMPLETE) {
319  log_status("gss_get_mic", maj_stat, min_stat);
320  if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
321  gd->established = FALSE;
323  }
324  return (FALSE);
325  }
326  auth->ah_verf.oa_flavor = RPCSEC_GSS;
327  auth->ah_verf.oa_base = checksum.value;
328  auth->ah_verf.oa_length = checksum.length;
329 
330  xdr_stat = xdr_opaque_auth(xdrs, &auth->ah_verf);
331  gss_release_buffer(&min_stat, &checksum);
332 
333  return (xdr_stat);
334 }
static void authgss_destroy_context()
#define MAX_AUTH_BYTES
Definition: auth.h:77
#define XDR_GETPOS(xdrs)
Definition: xdr.h:199
int32_t bool_t
Definition: types.h:101
struct rpc_gss_sec sec
Definition: auth_gss.c:137
bool_t established
Definition: auth_gss.c:132
Definition: xdr.h:103
struct opaque_auth _null_auth
void log_status(char *m, OM_uint32 maj_stat, OM_uint32 min_stat)
Definition: authgss_prot.c:345
struct rpc_gss_cred gc
Definition: auth_gss.c:139
void log_debug(const char *fmt,...)
Definition: auth_sspi.c:977
struct opaque_auth ah_verf
Definition: auth.h:207
#define AUTH_PRIVATE(auth)
Definition: auth_gss.c:143
gss_ctx_id_t ctx
Definition: auth_gss.c:138
Definition: xdr.h:85
static cab_ULONG checksum(const cab_UBYTE *data, cab_UWORD bytes, cab_ULONG csum)
Definition: fdi.c:353
#define XDR_INLINE(xdrs, len)
Definition: xdr.h:209
#define XDR_SETPOS(xdrs, pos)
Definition: xdr.h:204
void xdrmem_create(XDR *xdrs, char *addr, u_int size, enum xdr_op op)
Definition: xdr_mem.c:94
bool_t xdr_opaque_auth()
struct opaque_auth ah_cred
Definition: auth.h:206
bool_t xdr_rpc_gss_cred(XDR *xdrs, struct rpc_gss_cred *p)
Definition: authgss_prot.c:48
#define XDR_DESTROY(xdrs)
Definition: xdr.h:214
#define RPCSEC_GSS
Definition: nfs41_ops.h:867

◆ authgss_nextverf() [1/2]

static void authgss_nextverf ( )
static

◆ authgss_nextverf() [2/2]

static void authgss_nextverf ( AUTH auth)
static

Definition at line 268 of file auth_gss.c.

269 {
270  log_debug("in authgss_nextverf()");
271  /* no action necessary */
272 }
void log_debug(const char *fmt,...)
Definition: auth_sspi.c:977

◆ authgss_refresh() [1/2]

static bool_t authgss_refresh ( )
static

Referenced by authgss_create().

◆ authgss_refresh() [2/2]

static bool_t authgss_refresh ( AUTH auth)
static

Definition at line 391 of file auth_gss.c.

392 {
393  struct rpc_gss_data *gd;
394  struct rpc_gss_init_res gr;
395  gss_buffer_desc *recv_tokenp, send_token;
396  OM_uint32 maj_stat, min_stat, call_stat, ret_flags;
397 
398  log_debug("in authgss_refresh()");
399 
400  gd = AUTH_PRIVATE(auth);
401 
402  if (gd->established)
403  return (TRUE);
404 
405  /* GSS context establishment loop. */
406  memset(&gr, 0, sizeof(gr));
407  recv_tokenp = GSS_C_NO_BUFFER;
408 
409 #ifdef DEBUG
410  print_rpc_gss_sec(&gd->sec);
411 #endif /*DEBUG*/
412 
413  for (;;) {
414 #ifdef DEBUG
415  /* print the token we just received */
416  if (recv_tokenp != GSS_C_NO_BUFFER) {
417  log_debug("The token we just received (length %d):",
418  recv_tokenp->length);
419  log_hexdump(recv_tokenp->value, recv_tokenp->length, 0);
420  }
421 #endif
422  maj_stat = gss_init_sec_context(&min_stat,
423  gd->sec.cred,
424  &gd->ctx,
425  gd->name,
426  gd->sec.mech,
427  gd->sec.req_flags,
428  0, /* time req */
429  NULL, /* channel */
430  recv_tokenp,
431  NULL, /* used mech */
432  &send_token,
433  &ret_flags,
434  NULL); /* time rec */
435 
436  if (recv_tokenp != GSS_C_NO_BUFFER) {
437  gss_release_buffer(&min_stat, &gr.gr_token);
438  recv_tokenp = GSS_C_NO_BUFFER;
439  }
440  if (maj_stat != GSS_S_COMPLETE &&
441  maj_stat != GSS_S_CONTINUE_NEEDED) {
442  log_status("gss_init_sec_context", maj_stat, min_stat);
443  break;
444  }
445  if (send_token.length != 0) {
446  memset(&gr, 0, sizeof(gr));
447 
448 #ifdef DEBUG
449  /* print the token we are about to send */
450  log_debug("The token being sent (length %d):",
451  send_token.length);
452  log_hexdump(send_token.value, send_token.length, 0);
453 #endif
454 
455  call_stat = clnt_call(gd->clnt, NULLPROC,
457  &send_token,
459  (caddr_t)&gr, AUTH_TIMEOUT);
460 
461  gss_release_buffer(&min_stat, &send_token);
462 
463  if (call_stat != RPC_SUCCESS ||
464  (gr.gr_major != GSS_S_COMPLETE &&
465  gr.gr_major != GSS_S_CONTINUE_NEEDED))
466  return FALSE;
467 
468  if (gr.gr_ctx.length != 0) {
469  if (gd->gc.gc_ctx.value)
470  gss_release_buffer(&min_stat,
471  &gd->gc.gc_ctx);
472  gd->gc.gc_ctx = gr.gr_ctx;
473  }
474  if (gr.gr_token.length != 0) {
475  if (maj_stat != GSS_S_CONTINUE_NEEDED)
476  break;
477  recv_tokenp = &gr.gr_token;
478  }
479  gd->gc.gc_proc = RPCSEC_GSS_CONTINUE_INIT;
480  }
481 
482  /* GSS_S_COMPLETE => check gss header verifier,
483  * usually checked in gss_validate
484  */
485  if (maj_stat == GSS_S_COMPLETE) {
486  gss_buffer_desc bufin;
487  gss_buffer_desc bufout;
488  u_int seq, qop_state = 0;
489 
490  seq = htonl(gr.gr_win);
491  bufin.value = (unsigned char *)&seq;
492  bufin.length = sizeof(seq);
493  bufout.value = (unsigned char *)gd->gc_wire_verf.value;
494  bufout.length = gd->gc_wire_verf.length;
495 
496  maj_stat = gss_verify_mic(&min_stat, gd->ctx,
497  &bufin, &bufout, &qop_state);
498 
499  if (maj_stat != GSS_S_COMPLETE
500  || qop_state != gd->sec.qop) {
501  log_status("gss_verify_mic", maj_stat, min_stat);
502  if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
503  gd->established = FALSE;
505  }
506  return (FALSE);
507  }
508  gd->established = TRUE;
509  gd->gc.gc_proc = RPCSEC_GSS_DATA;
510  gd->gc.gc_seq = 0;
511  gd->win = gr.gr_win;
512  break;
513  }
514  }
515  /* End context negotiation loop. */
516  if (gd->gc.gc_proc != RPCSEC_GSS_DATA) {
517  if (gr.gr_token.length != 0)
518  gss_release_buffer(&min_stat, &gr.gr_token);
519 
520  authgss_destroy(auth);
521  auth = NULL;
523 
524  return (FALSE);
525  }
526  return (TRUE);
527 }
static void authgss_destroy_context()
#define TRUE
Definition: types.h:120
static struct timeval AUTH_TIMEOUT
Definition: auth_gss.c:145
#define htonl(x)
Definition: module.h:212
bool_t xdr_rpc_gss_init_res(XDR *xdrs, struct rpc_gss_init_res *p)
Definition: authgss_prot.c:86
struct rpc_gss_sec sec
Definition: auth_gss.c:137
void log_hexdump(bool_t on, const u_char *title, const u_char *buf, int len, int offset)
Definition: auth_sspi.c:942
bool_t established
Definition: auth_gss.c:132
char * caddr_t
Definition: rosdhcp.h:36
bool_t(* xdrproc_t)(XDR *,...)
Definition: xdr.h:144
void print_rpc_gss_sec(struct rpc_sspi_sec *ptr)
Definition: auth_sspi.c:859
void log_status(char *m, OM_uint32 maj_stat, OM_uint32 min_stat)
Definition: authgss_prot.c:345
gss_buffer_desc gc_wire_verf
Definition: auth_gss.c:133
CLIENT * clnt
Definition: auth_gss.c:135
smooth NULL
Definition: ftsmooth.c:416
struct rpc_gss_cred gc
Definition: auth_gss.c:139
#define NULLPROC
Definition: clnt.h:294
void log_debug(const char *fmt,...)
Definition: auth_sspi.c:977
#define AUTH_PRIVATE(auth)
Definition: auth_gss.c:143
enum clnt_stat cf_stat
Definition: clnt.h:496
gss_ctx_id_t ctx
Definition: auth_gss.c:138
static void authgss_destroy()
u_int win
Definition: auth_gss.c:140
bool_t xdr_rpc_gss_init_args(XDR *xdrs, gss_buffer_desc *p)
Definition: authgss_prot.c:70
UINT32 u_int
Definition: types.h:82
#define clnt_call(rh, proc, xargs, argsp, xres, resp, secs)
Definition: clnt.h:202
#define memset(x, y, z)
Definition: compat.h:39
gss_name_t name
Definition: auth_gss.c:136

◆ authgss_service()

bool_t authgss_service ( AUTH auth,
int  svc 
)

Definition at line 530 of file auth_gss.c.

531 {
532  struct rpc_gss_data *gd;
533 
534  log_debug("in authgss_service()");
535 
536  if (!auth)
537  return(FALSE);
538  gd = AUTH_PRIVATE(auth);
539  if (!gd || !gd->established)
540  return (FALSE);
541  gd->sec.svc = svc;
542  gd->gc.gc_svc = svc;
543  return (TRUE);
544 }
#define TRUE
Definition: types.h:120
struct rpc_gss_sec sec
Definition: auth_gss.c:137
bool_t established
Definition: auth_gss.c:132
struct rpc_gss_cred gc
Definition: auth_gss.c:139
void log_debug(const char *fmt,...)
Definition: auth_sspi.c:977
#define AUTH_PRIVATE(auth)
Definition: auth_gss.c:143

◆ authgss_unwrap() [1/2]

static bool_t authgss_unwrap ( )
static

◆ authgss_unwrap() [2/2]

bool_t authgss_unwrap ( AUTH auth,
XDR xdrs,
xdrproc_t  xdr_func,
caddr_t  xdr_ptr 
)

Definition at line 619 of file auth_gss.c.

620 {
621  struct rpc_gss_data *gd;
622 
623  log_debug("in authgss_unwrap()");
624 
625  gd = AUTH_PRIVATE(auth);
626 
627  if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
628  return ((*xdr_func)(xdrs, xdr_ptr));
629  }
630  return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr,
631  gd->ctx, gd->sec.qop,
632  gd->sec.svc, gd->gc.gc_seq));
633 }
struct rpc_gss_sec sec
Definition: auth_gss.c:137
bool_t established
Definition: auth_gss.c:132
bool_t xdr_rpc_gss_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, gss_ctx_id_t ctx, gss_qop_t qop, rpc_gss_svc_t svc, u_int seq)
Definition: authgss_prot.c:251
struct rpc_gss_cred gc
Definition: auth_gss.c:139
void log_debug(const char *fmt,...)
Definition: auth_sspi.c:977
#define AUTH_PRIVATE(auth)
Definition: auth_gss.c:143
gss_ctx_id_t ctx
Definition: auth_gss.c:138

◆ authgss_validate() [1/2]

static bool_t authgss_validate ( )
static

◆ authgss_validate() [2/2]

static bool_t authgss_validate ( AUTH auth,
struct opaque_auth verf 
)
static

Definition at line 337 of file auth_gss.c.

338 {
339  struct rpc_gss_data *gd;
340  u_int num, qop_state;
341  gss_buffer_desc signbuf, checksum;
342  OM_uint32 maj_stat, min_stat;
343 
344  log_debug("in authgss_validate()");
345 
346  gd = AUTH_PRIVATE(auth);
347 
348  if (gd->established == FALSE) {
349  /* would like to do this only on NULL rpc --
350  * gc->established is good enough.
351  * save the on the wire verifier to validate last
352  * INIT phase packet after decode if the major
353  * status is GSS_S_COMPLETE
354  */
355  if ((gd->gc_wire_verf.value =
356  mem_alloc(verf->oa_length)) == NULL) {
357  fprintf(stderr, "gss_validate: out of memory\n");
358  return (FALSE);
359  }
360  memcpy(gd->gc_wire_verf.value, verf->oa_base, verf->oa_length);
361  gd->gc_wire_verf.length = verf->oa_length;
362  return (TRUE);
363  }
364 
365  if (gd->gc.gc_proc == RPCSEC_GSS_INIT ||
366  gd->gc.gc_proc == RPCSEC_GSS_CONTINUE_INIT) {
367  num = htonl(gd->win);
368  }
369  else num = htonl(gd->gc.gc_seq);
370 
371  signbuf.value = &num;
372  signbuf.length = sizeof(num);
373 
374  checksum.value = verf->oa_base;
375  checksum.length = verf->oa_length;
376 
377  maj_stat = gss_verify_mic(&min_stat, gd->ctx, &signbuf,
378  &checksum, &qop_state);
379  if (maj_stat != GSS_S_COMPLETE || qop_state != gd->sec.qop) {
380  log_status("gss_verify_mic", maj_stat, min_stat);
381  if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
382  gd->established = FALSE;
384  }
385  return (FALSE);
386  }
387  return (TRUE);
388 }
static void authgss_destroy_context()
#define TRUE
Definition: types.h:120
u_int oa_length
Definition: auth.h:198
#define htonl(x)
Definition: module.h:212
caddr_t oa_base
Definition: auth.h:197
struct rpc_gss_sec sec
Definition: auth_gss.c:137
bool_t established
Definition: auth_gss.c:132
#define mem_alloc(bsize)
Definition: types.h:123
void log_status(char *m, OM_uint32 maj_stat, OM_uint32 min_stat)
Definition: authgss_prot.c:345
_Check_return_opt_ _CRTIMP int __cdecl fprintf(_Inout_ FILE *_File, _In_z_ _Printf_format_string_ const char *_Format,...)
gss_buffer_desc gc_wire_verf
Definition: auth_gss.c:133
smooth NULL
Definition: ftsmooth.c:416
struct rpc_gss_cred gc
Definition: auth_gss.c:139
void log_debug(const char *fmt,...)
Definition: auth_sspi.c:977
#define AUTH_PRIVATE(auth)
Definition: auth_gss.c:143
GLuint GLuint num
Definition: glext.h:9618
gss_ctx_id_t ctx
Definition: auth_gss.c:138
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
static cab_ULONG checksum(const cab_UBYTE *data, cab_UWORD bytes, cab_ULONG csum)
Definition: fdi.c:353
u_int win
Definition: auth_gss.c:140
UINT32 u_int
Definition: types.h:82
FILE * stderr

◆ authgss_wrap() [1/2]

static bool_t authgss_wrap ( )
static

◆ authgss_wrap() [2/2]

bool_t authgss_wrap ( AUTH auth,
XDR xdrs,
xdrproc_t  xdr_func,
caddr_t  xdr_ptr 
)

Definition at line 602 of file auth_gss.c.

603 {
604  struct rpc_gss_data *gd;
605 
606  log_debug("in authgss_wrap()");
607 
608  gd = AUTH_PRIVATE(auth);
609 
610  if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
611  return ((*xdr_func)(xdrs, xdr_ptr));
612  }
613  return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr,
614  gd->ctx, gd->sec.qop,
615  gd->sec.svc, gd->gc.gc_seq));
616 }
struct rpc_gss_sec sec
Definition: auth_gss.c:137
bool_t established
Definition: auth_gss.c:132
bool_t xdr_rpc_gss_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, gss_ctx_id_t ctx, gss_qop_t qop, rpc_gss_svc_t svc, u_int seq)
Definition: authgss_prot.c:251
struct rpc_gss_cred gc
Definition: auth_gss.c:139
void log_debug(const char *fmt,...)
Definition: auth_sspi.c:977
#define AUTH_PRIVATE(auth)
Definition: auth_gss.c:143
gss_ctx_id_t ctx
Definition: auth_gss.c:138

Variable Documentation

◆ AUTH_TIMEOUT

struct timeval AUTH_TIMEOUT = { 25, 0 }
static

Definition at line 145 of file auth_gss.c.

Referenced by authgss_destroy_context(), and authgss_refresh().

◆ authgss_ops

struct auth_ops authgss_ops
static
Initial value:
= {
}
static bool_t authgss_validate()
static bool_t authgss_marshal()
static bool_t authgss_wrap()
static bool_t authgss_unwrap()
static void authgss_destroy()
static bool_t authgss_refresh()
static void authgss_nextverf()

Definition at line 71 of file auth_gss.c.

Referenced by authgss_create().